CVE-2024-57223 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-57223?

CVE-2024-57223 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in Linksys E7350 routers that allows attackers to execute arbitrary commands on the device. The vulnerability exists in the apcli_wps_gen_pincode function via the ifname parameter. All users of affected Linksys E7350 routers are at risk.

📋 TL;DR

This CVE describes a command injection vulnerability in Linksys E7350 routers that allows attackers to execute arbitrary commands on the device. The vulnerability exists in the apcli_wps_gen_pincode function via the ifname parameter. All users of affected Linksys E7350 routers are at risk.

💻 Affected Systems

Products:

Linksys E7350

Versions: 1.1.00.032

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

E7350 Firmware by Linksys

View all CVEs affecting E7350 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router leading to full network access, credential theft, malware deployment, and persistent backdoor installation.

🟠

Likely Case

Router takeover allowing network traffic interception, DNS hijacking, and lateral movement to connected devices.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN.

🏢 Internal Only: MEDIUM - Attackers could exploit from compromised internal devices or via phishing.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains proof-of-concept. Command injection vulnerabilities are typically easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Linksys support site for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable WPS functionality

all

Disable Wi-Fi Protected Setup feature which may reduce attack surface

Restrict admin interface access

all

Limit access to router admin interface to trusted IP addresses only

🧯 If You Can't Patch

Replace vulnerable router with updated model
Isolate router in separate VLAN with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Administration > Firmware Update

Check Version:

Login to router admin interface and check firmware version

Verify Fix Applied:

Verify firmware version is newer than 1.1.00.032

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts to admin interface
Suspicious ifname parameter values in web logs

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Unexpected port scans originating from router

SIEM Query:

source="router_logs" AND ("apcli_wps_gen_pincode" OR "ifname=" AND ("|" OR ";" OR "$" OR "`"))

📊 Metadata

CVE ID: CVE-2024-57223

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 13.98% exploit probability (94.2th percentile)

Published: January 10, 2025

Last Updated: April 16, 2025

🔗 References

https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_6_apcli_wps_gen_pincode/README.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57223, you might also want to check these: